Disable mlock for vault
This commit is contained in:
parent
9a5faed3d9
commit
edcde96ded
|
@ -45,7 +45,7 @@ job "acme-to-vault" {
|
|||
user = 8787
|
||||
|
||||
config {
|
||||
image = "danielberteaud/acme-to-vault:24.1-1"
|
||||
image = "danielberteaud/acme-to-vault:24.1-2"
|
||||
readonly_rootfs = true
|
||||
pids_limit = 20
|
||||
|
||||
|
|
|
@ -24,7 +24,8 @@ ENV ACME_HTTP_PORT=8787 \
|
|||
ACME_0_CA=https://acme-staging-v02.api.letsencrypt.org/directory \
|
||||
ACME_0_KV_CERT_ROOT=kv/service/traefik/certs \
|
||||
ACME_0_KV_ACCOUNT_ROOT=kv/service/acme-to-vault/account \
|
||||
VAULT_ADDR=https://vault.service.example.org:8200
|
||||
VAULT_ADDR=https://vault.service.example.org:8200 \
|
||||
VAULT_DISABLE_MLOCK=true
|
||||
|
||||
COPY --from=vault /usr/local/bin/vault /usr/local/bin/vault
|
||||
RUN set -eu &&\
|
||||
|
|
|
@ -24,7 +24,8 @@ ENV ACME_HTTP_PORT=8787 \
|
|||
ACME_0_CA=https://acme-staging-v02.api.letsencrypt.org/directory \
|
||||
ACME_0_KV_CERT_ROOT=kv/service/traefik/certs \
|
||||
ACME_0_KV_ACCOUNT_ROOT=kv/service/acme-to-vault/account \
|
||||
VAULT_ADDR=https://vault.service.example.org:8200
|
||||
VAULT_ADDR=https://vault.service.example.org:8200 \
|
||||
VAULT_DISABLE_MLOCK=true
|
||||
|
||||
COPY --from=vault /usr/local/bin/vault /usr/local/bin/vault
|
||||
RUN set -eu &&\
|
||||
|
|
|
@ -5,7 +5,7 @@ instance: acme-to-vault
|
|||
|
||||
acme:
|
||||
# The Docker image to use
|
||||
image: '[[ .docker.repo ]]acme-to-vault:24.1-1'
|
||||
image: '[[ .docker.repo ]]acme-to-vault:24.1-2'
|
||||
|
||||
# If a cron expression is defined, the service will stay running and renew certs.
|
||||
# If an empty string, the container will exit after running once
|
||||
|
|
Loading…
Reference in New Issue